Gizmo, an open 

source graphica 

web proxy 



Pocket Knife, not Big Red Button 

• Analysts are smarter than machines 

• Will always understand the problem domain 
better than pre-canned algorithms 

• What is needed is a tool that supports the 
analyst in their pentesting 



What do people do when analyzing 
web applications 

• Search 

• Edit and resend 

• Manipulate requests with scripting languages 

• Intercept requests before editing 

• ...That's about it. 



Simple, Keyboard-Driven Commands 

• Can move around using vi keys as god 
intended 

• (Arrow keys available as well) 



Free 

• GPLv2 

• On code.google.com as gizmo-proxy 

• http://code.google.eom/p/gizmo-proxy/ 



Questions 

Want a copy of the presentation/tool? 

■ Email us at blackhat@isecpartners.com 

■ Instantly receive aN iSEC presentations and 
tools 



